Ransomware Activity

Tracking the top ransomware groups and attacks from 2020 onward

From Unit42 report

Palo Alto’s Threat Intel specialist Unit42 have released their 2021 Ransomware Report. By the numbers:

  • 16 variants engage in double extortion, stealing data to force payment
  • Ransom amounts demanded doubled from $15 million in 2019 to $30 million in 2020
  • Ransom amounts paid doubled from a high of $5 million in 2019 to $10 million in 2020
  • The average ransom demand in 2020 was $312,493, tripling from $115,123 in 2019

Analysis of Darkside Ransomware and anatomy of attack per Varonis 03/18/2021

Ryuk ransomware self-spreads to other Windows LAN devices per Bleeping Computer O2/26/21

This new variant has wormlike capabilities so it can spread to other devices on that local network using scheduled tasks. Saw a lot of abuse of scheduled tasks by ransomware in 2020.

Hotarus Group ransomware gang hacks Ecuador’s Ministry of Finance and largest bank per Bleeping Computer 02/26/21 The group used commodity ransomware, Ronggolawe, and stole data. They claim access by compromising third party code used for the bank’s web apps. Lots of third party code compromise across 2020.